Internet Explorer Security Patches IE Security Patches for 1999 Forrest Stroud
Internet Explorer Security Patches for 1999
12.10.99. The "Server-side Page Reference Redirect" Vulnerability Patch eliminates a vulnerability in Internet Explorer 4.01, 5.0, and 5.01 that could allow a malicious web site operator to view a file on the computer of a visiting user, provided that the web site operator knew the name and folder of the file. This patch also includes the previously-released "ImportExportFavorites" vulnerability patch.
12.02.99. The "WPAD Spoofing" Vulnerability Patch eliminates a vulnerability in Internet Explorer 5.0 that could allow a malicious user to provide proxy settings to web clients in another network via the IE 5 Web Proxy Auto-Discovery (WPAD) feature. Internet Explorer 5.01 does not have this vulnerability.
11.30.99. The "IE Task Scheduler" Vulnerability Patch eliminates a vulnerability that could allow a malicious user to gain additional privileges on a Windows NT machine that allowed him or her to create or change files via the Task Scheduler included in the Offline Browsing Pack of Internet Explorer 5.0. This vulnerability affects version 5.x of Internet Explorer when run on WinNT systems.
11.18.99. The "JavaScript Redirect" Vulnerability Patch eliminates a vulnerability that could allow a malicious web site operator to read files on the computer of a user who visited the site. This vulnerability affects versions 4.01 and 5.0 of Internet Explorer. We recommend all IE4 and IE5 users download the patch.
11.12.99. The "Active Setup Control" Vulnerability Patch fixes a vulnerability that could allow a malicious user to embed an unsafe executable within an e-mail and disguise it as a safe type of attachment. Through a complicated series of steps, the unsafe executable could be made to execute under certain conditions, if the user opened the attachment. The patch is a recommended download for all users of Internet Explorer 4/5.
11.04.99. The "IFRAME ExecCommand" Vulnerability Patch fixes a vulnerability in Internet Explorer that could allow a malicious web site operator to read files on the computer of a user who visited the site. This vulnerability affects version 5.0 of Internet Explorer and 4.01 versions prior to 4.01 SP2. The patch was originally released on Oct 11th, but a new patch was released on Nov 4th to correct a regression error. The IE5 patch also includes the previously-released fix for the "Download Behavior" vulnerability.
10.22.99. The "Virtual Machine Verifier" Vulnerability Patch can be downloaded in the form of an update Virtual Machine for Internet Explorer 4/5. The updated VM eliminates a security vulnerability that could allow a Java applet to take unauthorized actions on the computer of a web site visitor. Although no standard Java compiler can generate such an applet, a Java applet constructed by hand with a Java bytecode assembler could bypass the sandbox and take virtually any action on the computer that the user would be capable of taking. We recommend all IE4/5 users download the new VM (Build 3188).
10.12.99. The "Download Behavior" Vulnerability Patch is an update that eliminates security vulnerabilities in a feature called "download behavior" that allows web page authors to download files for use in client-side script. A web site should only be able to download files that reside in its domain (preventing client-side code from exposing files on the user's machine); however, a server-side redirect can be used to bypass this restriction, thereby enabling a malicious web site operator to read files on the user's machine or the user's local intranet. This only affects version 5.0 of Internet Explorer. We recommend IE5 users download the patch that was made available on 10/12/99.
9.27.99. The "ImportExportFavorites" Vulnerability Patch is an update that eliminates security vulnerabilities in a feature that allows users to export a list of their favorite web sites to a file, or to import a file of their favorite sites. It is possible for a web site to invoke this method, bypass restrictions, and write files that could be used to execute system commands. The net result is that a malicious web site operator potentially could take any action on the computer that the user would be capable of taking. We recommend that all Internet Explorer 4.01 and 5.0 users download this patch.
9.2.99. The "Scriptlet.typelib/Eyedog" Security Patch is an update that eliminates security vulnerabilities in two Internet Explorer ActiveX controls. These are huge security holes in that a Web page could take unauthorized action against any person who visited it. Specifically, the Web page would be able to do anything on the computer that the user could do. This security patch fixes all versions of Internet Explorer 4.x and 5.x. It is not yet available through the Windows Update site but is expected be released on the site by September 7th. We recommend that all Internet Explorer 4/5 users download the small security patch immediately.
9.2.99. The "Virtual Sandbox Machine" Security Patch is actually an updated Virtual Machine (Build 3816) client that eliminates a security vulnerability in which a Java applet could take unauthorized actions on the computer of a Web site visitor. All previous builds of the Microsoft VM in the 2000 and 3000 series for both Internet Explorer 4.x and 5.x are affected and need to be updated.
5.30.99. The "Malformed Favorites Icon" Security Patch is an update that actually eliminates two security vulnerabilities in Internet Explorer 4.x and 5.x. The "Malformed Favorites Icon" vulnerability could potentially allow arbitrary code to be run on your computer (only affects Windows 95/98 computers). The "Legacy ActiveX Control" could potentially allow your local hard drive to be read by others.
4.22.99. The "MSHTML" Security Patch is an update for the parsing engine for HTML in Internet Explorer 4/5 (MSHTML.DLL) that fixes three security vulnerabilities: 1) a privacy issue in which the 'img src' tag could be used to determine information about the files on a user's computer, a new variant of the previously identified cross-frame security vulnerability, and a new variant of the previously identified untrusted scripted paste vulnerability. Microsoft highly recommends that users of affected Internet Explorer 4.x/5.x download the fix. Note: The "MSHTML" patch also fixes the "Frame Spoof", "Untrusted Scripted Paste", and "Cross Frame Navigate" vulnerabilities.
4.22.99. The "DHTML Edit Control" Security Patch eliminates a vulnerability in an ActiveX control that is distributed in Internet Explorer 5 and downloadable for Internet Explorer 4.0. The vulnerability could allow a malicious Web site operator to read information that a user had loaded into the control, and it also could allow files with known names to be copied from the user's local hard drive.
